Skip to content
This repository was archived by the owner on Feb 10, 2024. It is now read-only.

chore(deps): update dependency y18n to 4.0.1 [security] #77

Merged
ff6347 merged 1 commit into from
Apr 29, 2021
Merged

chore(deps): update dependency y18n to 4.0.1 [security] #77

ff6347 merged 1 commit into from
Apr 29, 2021

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 31, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change
y18n 4.0.0 -> 4.0.1

GitHub Vulnerability Alerts

CVE-2020-7774

Overview

The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.

POC

const y18n = require('y18n')();

y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});

console.log(polluted); // true

Recommendation

Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.

Configuration

📅 Schedule: "" in timezone Europe/Berlin.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@ff6347 ff6347 merged commit 4e900e0 into master Apr 29, 2021
@ff6347 ff6347 deleted the renovate/npm-y18n-vulnerability branch April 29, 2021 04:10
@ff6347
Copy link
Member

ff6347 commented Jul 4, 2022

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@ff6347 ff6347 added the released label Jul 4, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ff6347 @renovate-bot